Ransomware Attack on Nevada Heart Vascular Center by BlackSuit

The Nevada Heart Vascular Center, a leading healthcare facility specializing in comprehensive cardiovascular care in Southern Nevada, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. This attack has compromised a significant amount of sensitive data, raising serious concerns about data security and patient confidentiality.

About Nevada Heart Vascular Center

Founded in 1998, Nevada Heart Vascular Center has grown to become the largest cardiology practice in Nevada, with a substantial presence in the local healthcare landscape. The center operates more than 40 locations and maintains active charts on approximately 84,000 patients. The medical team consists of experienced cardiologists who provide personalized treatment plans using advanced technology and innovative techniques. The center offers a wide array of services, including diagnostic and therapeutic procedures for heart-related issues such as coronary artery disease, heart rhythm disorders, congestive heart failure, and peripheral vascular disease.

Attack Overview

The ransomware attack was discovered on July 16, 2023, and has affected over 23,886 files and 6,713 directories, totaling more than 41 billion bytes of data. Critical files such as compliance documents, genetic testing results, and billing logs are among the compromised data. The center's website (nevadaheart.com) and phone number ((702) 227-3422) have potentially been affected. The attack has disrupted administrative documents, billing information, clinical scheduling, and medical records, impacting the center's operations and patient care.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting that BlackSuit could be a new variant developed by the same authors, a copycat, or an affiliate of the Royal ransomware gang.

Potential Vulnerabilities

The extensive digital infrastructure and large patient base of Nevada Heart Vascular Center make it a lucrative target for ransomware groups like BlackSuit. The center's reliance on electronic medical records and advanced technology, while beneficial for patient care, also presents vulnerabilities that can be exploited by sophisticated cybercriminals. The attack underscores the critical need for enhanced cybersecurity measures in healthcare facilities to protect sensitive patient data and ensure uninterrupted medical services.

Sources

• Nevada Heart and Vascular Center
• Security Affairs
• Bleeping Computer
• A&M Capital